Sandboxie-Plus v1.11.2

Discussion in 'Sandboxie (SBIE Open Source) Plus & Classic' started by DavidXanatos, Sep 9, 2023.

  1. bjm_

    bjm_ Registered Member

    on my 1.11.2 (over installed 1.9.8) with new DefaultTest sbox (created in 1.9.8) (with only change) enabling "Protect processes within this box from host processes".
    the only change to DefaultTest sbox ini that I see is ConfidentialBox=y
    DefaultTest ini1.png DefaultTest ini2.png
     
    Last edited: Sep 10, 2023
  2. bjm_

    bjm_ Registered Member

    on my 1.11.2. When I call [Edge] sbox desktop shortcut created versions back. I see.
    png_16743.png
    png_16744.png
    png_16745.png
    png_16746.png
    Mount Box Image -> Delete Content does not clear 2GB.
    Mount Box Image -> Terminate Programs -> Delete Content does not clear 2GB.
    png_16748.png
    png_16751.png
    maybe, my old [Edge] sbox shortcut is causal?
    I need to Mount Box Image to have access to Sandboxie Settings (Vintage View). But, Box Structure settings are grayed out?

    Edit: @busy #9 sorted my confusion. Sorry, I was so slow.
    UseFileImage=n sorted all
    png_16753.png
     
    Last edited: Sep 10, 2023
  3. DjKilla

    DjKilla Registered Member

    I have the supporter certificate and there was no "golden-bullet"-indicators or tool-tip. That's why I was confused if 'Box Protection' needed an upgrade certificate or not. There should be some kind of indicator or 'This feature requires an upgrade certificate' at the end of the description. Here's what I saw:

    TheBox1.jpg


    In my case, when I activated 'Box Protection' I got the following:

    TheBox2.jpg

    When I terminated the process, I got the following:

    TheBox3.jpg

    TheBox4.jpg

    Nowhere did it say that I needed an upgrade certificate. So there should be a "golden-bullet"-indicator or wording to state that an upgrade certificate is required. That's why I was confused about this feature. I know these indicators disappear because I have a supporter certificate but there still needs to be something there. Hope this helps!
     
  4. bjm_

    bjm_ Registered Member

    What is the function/purpose of all my desktop shortcuts newly added (1.11.2 - ImDisk Toolkit Installed) context menu item Mount as ImDisk Virtual Disk. Sorry, I've no experience with ImDisk. Does ImDisk Toolkit work independent of Sandboxie-Plus?
    png_16747.png
     
  5. soccerfan

    soccerfan Registered Member

    If ImDisk is installed with the "already checked defaults", it creates 3 desktop shortcuts and the context menu entry.
    You can move the shortcuts to a convenient location or delete them. Sandboxie leverages the ImDisk driver internally
    for ramdisks as well as encrypted image files via ImBox.exe. That is my understanding.
    EDIT: And thanks for your reply in post #26 :)
     
  6. bjm_

    bjm_ Registered Member

    Sandboxie-Plus Add-Ons Manager Install button installed ImDisk Toolkit.
    png_16749.png
    png_16750.png
    My desktop does not have 3 ImDisk desktop shortcuts.
     
    Last edited: Sep 10, 2023
  7. soccerfan

    soccerfan Registered Member

    I installed ImDisk directly (not thru sbie) with default settings and these three shortcuts appeared on my desktop:
    C:\Program Files\ImDisk\MountImg.exe|RamDiskUI.exe
    C:\Program Files\ImDisk\RamDiskUI.exe
    C:\Windows\System32\imdisk.cpl

    I just moved them out of the way. Sbie recognized the installation.
     
  8. bjm_

    bjm_ Registered Member

    Okay. I'm hesitant to invoke ImDisk context menu item Mount as ImDisk Virtual Disk since, my ImDisk Toolkit was installed thru Sbie. Does my newly added context menu item Mount as ImDisk Virtual Disk have a function/purpose? Does my ImDisk Toolkit work independent of Sandboxie-Plus?
    Until I understand/resolve #27. I'm hesitant to mount anything.
     
  9. soccerfan

    soccerfan Registered Member

    You can invoke the driver via sbie:
    SandmanUI=>Sandbox=>Maintenance=>Virtual Disks

    I have not used it, nor tried it.
     
  10. bjm_

    bjm_ Registered Member

    Oh! okay. I've been using Vintage View (no Maintenance). I switched to Advanced View.
    png_16754.png
    I need a user manual. Thanks
    btw ~ my #27 is resolved
     
  11. soccerfan

    soccerfan Registered Member

    Please tell us how you resolved it :D
     
  12. algol1

    algol1 Registered Member

    This is exactly why I've already stated that perhaps they shouldn't disappear but rather remain visible to everyone for the sake of transparency and better orientation even and in particular for (allegedly privileged) certificate holders.
     
  13. bjm_

    bjm_ Registered Member

    Please see Edit: #27
    Edit: @soccerfan
    once I satisfied Box Protection. see #45
    (not knowing Box Protection best practice - hiding or allowing)
    Issues in #27 resolved and I was able to enable Store the sandbox content in a Ram Disk.
    Code:
    ConfidentialBox=y
    UseRamDisk=y
    png_16767.png
     
    Last edited: Sep 11, 2023
  14. algol1

    algol1 Registered Member

    Yes, it does! With those shortcuts you can declare and mount RAM-Disks totally independent from Sbie - and even further ones in addition to that, if your installed RAM-size permits that is.
     
  15. bjm_

    bjm_ Registered Member

    What if my browsers discrete sbox's are forced. When I invoke a browser desktop shortcut context menu item Mount as ImDisk Virtual Disk. Won't a browser sbox be called?
    Note: I do not have ImDisk Toolkit desktop shortcuts. see #32
    My normal desktop shortcuts (not ImDisk) now include context menu item Mount as ImDisk Virtual Disk.
     
    Last edited: Sep 10, 2023
  16. DavidXanatos

    DavidXanatos Developer

    It does not add DenyHostAccess=*,y to the ini, but that's what is internally happening
    Code:
    protect_process = Process_GetConfEx_bool(proc2->box, nptr, L"DenyHostAccess", proc2->confidential_box);
    If you have an older support cert this function is available, but as to why the start fails, I'll have to investigate this.
    If you were to run into a cert issue there would be message 6004 (no cert termination in 5 min), 6008 (no cert no start used only for ram disk) or 6009 (no advanced encryption option no start) in the log.

    The Add-on manager sets up a full standalone imdisk toolkit installation so yea you can use it to create ram disk, mount normal not encrypted images, etc...
    From the maintenance menu of sbie+ you can even invoke the standard imdisk toolkit control panel applet, useful for example to increase the size of a volume.
    If you use the imdisk options outside of sandman they will just do their usual imdisk stuff, no sandboxing nothing just raw image mounting.
     
  17. busy

    busy Registered Member

    @DjKilla

    If ConfidentialBox is set:

    Process launch issue (You may need to do this for other File Managers as well):
    Code:
    DenyHostAccess=explorer.exe,n
    
    No audio issue:
    Code:
    DenyHostAccess=audiodg.exe,n
    
    For Task Managers:
    Code:
    DenyHostAccess=Procexp64.exe,n
    
    For WinHTTP Web Proxy Auto-Discovery Service (WinHttpAutoProxySvc):
    Code:
    DenyHostAccess=lsass.exe,n
    
     
  18. bjm_

    bjm_ Registered Member

    as test:
    context menu Mount as ImDisk Virtual Disk against Chrome desktop shortcut.
    png_16757.png
    context menu Mount as ImDisk Virtual Disk against desktop TaskExplorer-v1.5.2.exe file.
    png_16758.png
     
    Last edited: Sep 10, 2023
  19. DjKilla

    DjKilla Registered Member

    I wanted to clarify on exactly what I've got. I purchased the 'Sandboxie Plus Subscription' in July this year. So the 'Box Protection' isn't available to me because I would need to purchase the 'Sandboxie-Plus Advanced Encryption Pack'. What I posted above is what happens when I enable 'Box Protection' without the 'Sandboxie-Plus Advanced Encryption Pack'. So I didn't know if 'Box Protection' was available to me because there was no error message, "golden-bullet"-indicator or wording to state that an upgrade certificate is required. If it's confusing to me, I'm sure it's confusing for others. Maybe another tab could be added to the bottom of the box settings to indicate what features need a certificate or a message when you try to enable such feature like a pop-up, tool-tip, error message, indicator to state you need a certificate whether you have one or not.
     
  20. bjm_

    bjm_ Registered Member

    Box Protection enabled in my browser discrete sbox's (Edge|Chrome|Firefox)
    png_16760.png
    Do I just Hide all such messages?
    Or, allow host access?
    Code:
    DenyHostAccess=NortonSecurity.exe,n
    DenyHostAccess=explorer.exe,n
    DenyHostAccess=ctfmon.exe,n
    
    I've tested in my Edge sbox.
    1) Hide all such messages
    2) DenyHostAccess=name.exe,n
    I'm not knowing Box Protection best practice - hiding or allowing.
    I'm not sensing a difference (1 vs 2) in my Edge sbox...at this time.
    Edit: regarding best practice see @busy #52
    Edit2: I sensed a difference. No sound. DenyHostAccess=audiodg.exe,n
     
    Last edited: Sep 11, 2023
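The following is an added illustration of the setting discussed in DavidXanatos's, busy's and bjm_'s posts above; it is not part of any poster's message and not Sandboxie's own code. It is a small Python audit that reads a box section and reports which host processes remain denied access once `ConfidentialBox=y` is set and `DenyHostAccess=...,n` exemptions are added. The sample ini text is constructed, and the precedence used (exact image rule, then `*`, then the `ConfidentialBox` default) is an assumption modelled on the `Process_GetConfEx_bool` call quoted earlier.

```python
import re

# Constructed sample (not a real Sandboxie.ini); the DenyHostAccess lines
# mirror the exemptions quoted in the thread.
SAMPLE_INI = """\
[Edge]
Enabled=y
ConfidentialBox=y
DenyHostAccess=explorer.exe,n
DenyHostAccess=audiodg.exe,n
DenyHostAccess=lsass.exe,n

[DefaultBox]
Enabled=y
"""

def parse_boxes(text):
    """Parse ini text into {section: [(key, value), ...]}, keeping repeated keys."""
    boxes, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = boxes.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return boxes

def host_access_denied(settings, image):
    """Assumed model: exact image rule > '*' rule > ConfidentialBox default."""
    default = any(k == "ConfidentialBox" and v.lower() == "y" for k, v in settings)
    exact = wildcard = None
    for key, value in settings:
        if key != "DenyHostAccess" or "," not in value:
            continue
        name, flag = (p.strip().lower() for p in value.rsplit(",", 1))
        if name == image.lower():
            exact = flag == "y"
        elif name == "*":
            wildcard = flag == "y"
    for verdict in (exact, wildcard):
        if verdict is not None:
            return verdict
    return default

def exempted_hosts(settings):
    """Host images explicitly allowed to open the box's processes (',n' rules)."""
    return sorted(v.rsplit(",", 1)[0].strip().lower() for k, v in settings
                  if k == "DenyHostAccess" and v.lower().replace(" ", "").endswith(",n"))
```

Each `,n` line widens what the host can reach inside the box, so the output of `exempted_hosts` is the list to review when deciding between hiding the messages and allowing access.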
  21. DavidXanatos

    DavidXanatos Developer

    TaskExplorer.exe is not a disk image, imDisk on its own is just an image mounter.

    @DjKilla in that case you should be able to use ConfidentialBox=y with that cert, the start error must be some issue/bug, how did you run firefox? From the run menu or via force process? The UI shows that it's suspended, which indicates that a process which started it did so in suspended state and then did not have the permissions to resume it.
    The idea is that the "golden-bullet"-indicators indicate for which options a cert is needed, and the tooltip of the indicator says if it's a normal or an advanced one.
     
  22. bjm_

    bjm_ Registered Member

    Oh, okay. If I want to use ImDisk on its own - outside of Sboxie. I need to create a RAM Disk with ImDisk - outside of Sboxie.
     
    Last edited: Sep 11, 2023
  23. algol1

    algol1 Registered Member

    Correct!
     
  24. DjKilla

    DjKilla Registered Member

    Ok, looks like 'Box Protection' can be used without purchasing a 'Sandboxie-Plus Advanced Encryption Pack'. Only a Sandboxie Plus Subscription/Personal certificate is needed. I got everything working now thanks to Busy. I needed to add DenyHostAccess=explorer.exe,n and DenyHostAccess=audiodg.exe,n for it to work. I think having 'Issue message 1318/1317 when a host process tries to access a sandboxed process/the box root' should be enabled by default when enabling 'Box Protection'. This might be common sense to do this but enabling it helped me a lot.

    So pertaining to my setup, I want to be sure I understand what 'Box Protection' does. I'm using a red box with data protection which are boxes set up such that programs can only read the HKLM, C:\Windows, C:\Program Files, C:\Program Files (x86) and nothing else, no HKCU and no other path on any volume. This way boxed programs can not access any private or personal data. Little helper or additional programs needed for my main programs are added to Program Control>Start Restrictions (For example, my forced program Microsoft Edge would need its helper programs like RuntimeBroker.exe, identity_helper.exe, etc. to be added to Start Restrictions) and any additional paths or access to registry settings outside of Data Protection would be added in Resource Access. This covers my main programs Firefox, Thunderbird and Microsoft Edge along with their little helper programs, paths and access to registry settings. But does not cover any host processes which can still be run freely without restrictions which could be an attack vector. So enabling 'Box Protection' takes care of that giving you protection against host processes from running freely inside the box similar to Data Protection. Is that correct?
     
  25. bjm_

    bjm_ Registered Member

    How to regain access to Change Password?
    Do I need to Remove -> re-Install ImDisk Toolkit?
    Does Remove work against pre-installed Add-On?
    png_16766.png
    png_16768.png
    Edit: Remove against ImDisk Toolkit =
    png_16772.png
     
    Last edited: Sep 11, 2023